DigiCert Certificate Policy for Symantec Trust Network (STN) - Version 2.11 April 18, 2019
←
→
Page content transcription
If your browser does not render page correctly, please read the page content below
DigiCert
Certificate Policy for
Symantec Trust Network (STN)
Version 2.11
April 18, 2019
DigiCert, Inc.
2801 N. Thanksgiving Way
Suite 500
Lehi, UT 84043
USA
Tel: 1‐801‐877‐2100
Fax: 1‐801‐705‐0481
www.digicert.com
‐i‐DigiCert Certificate Policy for Symantec Trust Network (STN)
© 2017-2019 DigiCert, Inc. All rights reserved.
Printed in the United States of America.
Published date: April 18, 2019
Important – Acquisition Notice
On October 31, 2017, DigiCert, Inc. completed the acquisition of Symantec Corporation’s Website
Security business unit. As a result, DigiCert is now the registered owner of this Certificate Policy
document and the PKI Services described within this document.
However, a hybrid of references to “VeriSign,” “Symantec,” and “DigiCert” shall be evident within
this document for a period of time until it is operationally practical to complete the re-branding of
the Certification Authorities and services. Any references to VeriSign or Symantec as a corporate
entity should be strictly considered to be legacy language that solely reflects the history of
ownership.
Trademark Notices
Symantec, the Symantec Logo, and the Checkmark Logo are the registered trademarks of
Symantec Corporation or its affiliates in the U.S. and other countries. The VeriSign logo, VeriSign
Trust and other related marks are the trademarks or registered marks of VeriSign, Inc. or its
affiliates or subsidiaries in the U.S. and other countries and licensed by DigiCert, Inc. Other
names may be trademarks of their respective owners.
Without limiting the rights reserved above, and except as licensed below, no part of this
publication may be reproduced, stored in or introduced into a retrieval system, or transmitted, in
any form or by any means (electronic, mechanical, photocopying, recording, or otherwise),
without prior written permission of DigiCert, Inc.
Notwithstanding the above, permission is granted to reproduce and distribute this DigiCert STN
Certificate Policy on a nonexclusive, royalty-free basis, provided that (i) the foregoing copyright
notice and the beginning paragraphs are prominently displayed at the beginning of each copy,
and (ii) this document is accurately reproduced in full, complete with attribution of the document
to DigiCert, Inc.
Requests for any other permission to reproduce this DigiCert STN Certificate Policy (as well as
requests for copies from DigiCert) must be addressed to DigiCert, Inc., 2801 N. Thanksgiving
Way, Suite 500, Lehi, UT 84043 USA Tel 1-801-877-2100 Fax 1-801-705-0481 Email:
legal@digicert.com.
‐ ii ‐Table of Contents
Contents
1. INTRODUCTION ..................................................................................................................................................................... 1
1.1 OVERVIEW ............................................................................................................................................................................................................................... 2
1.2 DOCUMENT NAME AND IDENTIFICATION .............................................................................................................................................................................. 2
1.2.1 CABF Policy Identifiers ........................................................................................................................................................ 3
1.2.2 Microsoft Policy Identifiers ................................................................................................................................................. 3
1.3 PKI PARTICIPANTS................................................................................................................................................................................................................... 3
1.3.1 Certification Authorities ..................................................................................................................................................... 3
1.3.2 Registration Authorities ..................................................................................................................................................... 4
1.3.3 Subscribers ......................................................................................................................................................................... 5
1.3.4 Relying Parties.................................................................................................................................................................... 5
1.3.5 Other Participants .............................................................................................................................................................. 5
1.4 CERTIFICATE USAGE ................................................................................................................................................................................................................ 6
1.4.1 Appropriate Certificate Usages .......................................................................................................................................... 6
1.4.2 Prohibited Certificate Uses ................................................................................................................................................. 7
1.5 POLICY ADMINISTRATION ....................................................................................................................................................................................................... 8
1.5.1 Organization Administering the Document........................................................................................................................ 8
1.5.2 Contact Person ................................................................................................................................................................... 8
1.5.3 Person Determining CP Suitability for the Policy ................................................................................................................ 8
1.5.4 CP Approval Procedure....................................................................................................................................................... 8
1.6 DEFINITIONS AND ACRONYMS ................................................................................................................................................................................................ 8
2. PUBLICATION AND REPOSITORY RESPONSIBILITIES ................................................................................................................ 9
2.1 REPOSITORIES .......................................................................................................................................................................................................................... 9
2.2 PUBLICATION OF CERTIFICATE INFORMATION........................................................................................................................................................................ 9
2.3 TIME OR FREQUENCY OF PUBLICATION .................................................................................................................................................................................. 9
2.4 ACCESS CONTROLS ON REPOSITORIES.................................................................................................................................................................................... 9
3. IDENTIFICATION AND AUTHENTICATION .............................................................................................................................. 10
3.1 NAMING ................................................................................................................................................................................................................................10
3.1.1 Type of Names.................................................................................................................................................................. 10
3.1.2 Need for Names to be Meaningful ................................................................................................................................... 11
3.1.3 Anonymity or Pseudonymity of Subscribers ..................................................................................................................... 11
3.1.4 Rules for Interpreting Various Name Forms ..................................................................................................................... 11
3.1.5 Uniqueness of Names ....................................................................................................................................................... 11
3.1.6 Recognition, Authentication, and Role of Trademarks .................................................................................................... 11
3.2 INITIAL IDENTITY VALIDATION............................................................................................................................................................................................... 11
3.2.1 Method to Prove Possession of Private Key ..................................................................................................................... 11
3.2.2 Authentication of Organization Identity and Domain Control ......................................................................................... 11
3.2.3 Authentication of Individual Identity................................................................................................................................ 12
3.2.4 Non‐Verified Subscriber information................................................................................................................................ 14
3.2.5 Validation of Authority ..................................................................................................................................................... 14
3.2.6 Criteria for Interoperation ................................................................................................................................................ 14
3.3 IDENTIFICATION AND AUTHENTICATION FOR RE‐KEY REQUESTS ........................................................................................................................................14
3.3.1 Identification and Authentication for Routine Re‐key ...................................................................................................... 15
3.3.2 Identification and Authentication for Re‐key After Revocation ....................................................................................... 15
3.4 IDENTIFICATION AND AUTHENTICATION FOR REVOCATION REQUEST ................................................................................................................................ 16
4. CERTIFICATE LIFE‐CYCLE OPERATIONAL REQUIREMENTS....................................................................................................... 16
4.1 CERTIFICATE APPLICATION .................................................................................................................................................................................................... 16
4.1.1 Who Can Submit a Certificate Application? ..................................................................................................................... 164.1.2 Enrollment Process and Responsibilities .......................................................................................................................... 16
4.2 CERTIFICATE APPLICATION PROCESSING ..............................................................................................................................................................................17
4.2.1 Performing Identification and Authentication Functions ................................................................................................. 17
4.2.2 Approval or Rejection of Certificate Applications............................................................................................................. 17
4.2.3 Time to Process Certificate Applications .......................................................................................................................... 17
4.2.4 Certificate Authority Authorization (CAA) ........................................................................................................................ 18
4.3 CERTIFICATE ISSUANCE ..........................................................................................................................................................................................................18
4.3.1 CA Actions during Certificate Issuance ............................................................................................................................. 18
4.3.2 Notifications to Subscriber by the CA of Issuance of Certificate ....................................................................................... 18
4.3.3 CABF Requirement for Certificate Issuance by a Root CA................................................................................................. 18
4.4 CERTIFICATE ACCEPTANCE ....................................................................................................................................................................................................18
4.4.1 Conduct Constituting Certificate Acceptance ................................................................................................................... 18
4.4.2 Publication of the Certificate by the CA............................................................................................................................ 19
4.4.3 Notification of Certificate Issuance by the CA to Other Entities ....................................................................................... 19
4.5 KEY PAIR AND CERTIFICATE USAGE ......................................................................................................................................................................................19
4.5.1 Subscriber Private Key and Certificate Usage .................................................................................................................. 19
4.5.2 Relying Party Public Key and Certificate Usage ................................................................................................................ 19
4.6 CERTIFICATE RENEWAL .........................................................................................................................................................................................................20
4.6.1 Circumstances for Certificate Renewal............................................................................................................................. 20
4.6.2 Who May Request Renewal ............................................................................................................................................. 20
4.6.3 Processing Certificate Renewal Requests ......................................................................................................................... 20
4.6.4 Notification of New Certificate Issuance to Subscriber .................................................................................................... 20
4.6.5 Conduct Constituting Acceptance of a Renewal Certificate ............................................................................................. 20
4.6.6 Publication of the Renewal Certificate by the CA ............................................................................................................. 20
4.6.7 Notification of Certificate Issuance by the CA to Other Entities ....................................................................................... 21
4.7 CERTIFICATE RE‐KEY .............................................................................................................................................................................................................21
4.7.1 Circumstances for Certificate Re‐Key ............................................................................................................................... 21
4.7.2 Who May Request Certification of a New Public Key ....................................................................................................... 21
4.7.3 Processing Certificate Re‐Keying Requests....................................................................................................................... 21
4.7.4 Notification of New Certificate Issuance to Subscriber .................................................................................................... 21
4.7.5 Conduct Constituting Acceptance of a Re‐Keyed Certificate ............................................................................................ 21
4.7.6 Publication of the Re‐Keyed Certificate by the CA ............................................................................................................ 21
4.7.7 Notification of Certificate Issuance by the CA to Other Entities ....................................................................................... 22
4.8 CERTIFICATE MODIFICATION ................................................................................................................................................................................................22
4.8.1 Circumstances for Certificate Modification ...................................................................................................................... 22
4.8.2 Who May Request Certificate Modification ..................................................................................................................... 22
4.8.3 Processing Certificate Modification Requests .................................................................................................................. 22
4.8.4 Notification of New Certificate Issuance to Subscriber .................................................................................................... 22
4.8.5 Conduct Constituting Acceptance of Modified Certificate ............................................................................................... 22
4.8.6 Publication of the Modified Certificate by the CA ............................................................................................................ 22
4.8.7 Notification of Certificate Issuance by the CA to Other Entities ....................................................................................... 22
4.9 CERTIFICATE REVOCATION AND SUSPENSION ......................................................................................................................................................................22
4.9.1 Circumstances for Revocation .......................................................................................................................................... 23
4.9.2 Who Can Request Revocation .......................................................................................................................................... 24
4.9.3 Procedure for Revocation Request ................................................................................................................................... 25
4.9.4 Revocation Request Grace Period .................................................................................................................................... 25
4.9.5 Time within Which CA Must Process the Revocation Request ......................................................................................... 25
4.9.6 Revocation Checking Requirements for Relying Parties ................................................................................................... 25
4.9.7 CRL Issuance Frequency ................................................................................................................................................... 26
4.9.8 Maximum Latency for CRLs .............................................................................................................................................. 26
4.9.9 On‐Line Revocation/Status Checking Availability............................................................................................................. 26
4.9.10 On‐Line Revocation Checking Requirements .................................................................................................................... 27
4.9.11 Other Forms of Revocation Advertisements Available ..................................................................................................... 27
4.9.12 Special Requirements Regarding Key Compromise .......................................................................................................... 27
− ii ‐
4.9.13 Circumstances for Suspension .......................................................................................................................................... 27
4.9.14 Who Can Request Suspension .......................................................................................................................................... 274.9.15 Procedure for Suspension Request ................................................................................................................................... 27
4.9.16 Limits on Suspension Period ............................................................................................................................................. 27
4.10 CERTIFICATE STATUS SERVICES .............................................................................................................................................................................................27
4.10.1 Operational Characteristics.............................................................................................................................................. 27
4.10.2 Service Availability ........................................................................................................................................................... 27
4.10.3 Optional Features ............................................................................................................................................................. 28
4.11 END OF SUBSCRIPTION ..........................................................................................................................................................................................................28
4.12 KEY ESCROW AND RECOVERY ...............................................................................................................................................................................................28
4.12.1 Key Escrow and Recovery Policy and Practices ................................................................................................................ 28
4.12.2 Session Key Encapsulation and Recovery Policy and Practices......................................................................................... 29
5. FACILITY, MANAGEMENT, AND OPERATIONAL CONTROLS .................................................................................................... 29
5.1 PHYSICAL CONTROLS .............................................................................................................................................................................................................29
5.1.1 Site Location and Construction......................................................................................................................................... 29
5.1.2 Physical Access ................................................................................................................................................................. 30
5.1.3 Power and Air Conditioning ............................................................................................................................................. 30
5.1.4 Water Exposures .............................................................................................................................................................. 30
5.1.5 Fire Prevention and Protection ......................................................................................................................................... 30
5.1.6 Media Storage .................................................................................................................................................................. 30
5.1.7 Waste Disposal................................................................................................................................................................. 30
5.1.8 Off‐Site Backup................................................................................................................................................................. 30
5.2 PROCEDURAL CONTROLS ......................................................................................................................................................................................................31
5.2.1 Trusted Roles .................................................................................................................................................................... 31
5.2.2 Number of Persons Required per Task ............................................................................................................................. 31
5.2.3 Identification and Authentication for Each Role .............................................................................................................. 31
5.2.4 Roles Requiring Separation of Duties ............................................................................................................................... 32
5.3 PERSONNEL CONTROLS .........................................................................................................................................................................................................32
5.3.1 Qualifications, Experience, and Clearance Requirements ................................................................................................ 32
5.3.2 Background Check Procedures ......................................................................................................................................... 32
5.3.3 Training Requirements ..................................................................................................................................................... 33
5.3.4 Retraining Frequency and Requirements ......................................................................................................................... 33
5.3.5 Job Rotation Frequency and Sequence ............................................................................................................................. 34
5.3.6 Sanctions for Unauthorized Actions ................................................................................................................................. 34
5.3.7 Independent Contractor Requirements ............................................................................................................................ 34
5.3.8 Documentation Supplied to Personnel ............................................................................................................................. 34
5.4 AUDIT LOGGING PROCEDURES .............................................................................................................................................................................................34
5.4.1 Types of Events Recorded ................................................................................................................................................. 34
5.4.2 Frequency of Processing Log ............................................................................................................................................ 35
5.4.3 Retention Period for Audit Log ......................................................................................................................................... 35
5.4.4 Protection of Audit Log .................................................................................................................................................... 35
5.4.5 Audit Log Backup Procedures ........................................................................................................................................... 35
5.4.6 Audit Collection System (Internal vs. External) ................................................................................................................ 35
5.4.7 Notification to Event‐Causing Subject .............................................................................................................................. 35
5.4.8 Vulnerability Assessments ................................................................................................................................................ 35
5.5 RECORDS ARCHIVAL ..............................................................................................................................................................................................................35
5.5.1 Types of Records Archived................................................................................................................................................ 35
5.5.2 Retention Period for Archive ............................................................................................................................................ 36
5.5.3 Protection of Archive ........................................................................................................................................................ 36
5.5.4 Archive Backup Procedures .............................................................................................................................................. 36
5.5.5 Requirements for Time‐Stamping of Records................................................................................................................... 36
5.5.6 Archive Collection System (Internal or External) .............................................................................................................. 36
5.5.7 Procedures to Obtain and Verify Archive Information ..................................................................................................... 36
5.6 KEY CHANGEOVER ................................................................................................................................................................................................................ 36
5.7 COMPROMISE AND DISASTER RECOVERY .............................................................................................................................................................................37
5.7.1 Incident and Compromise Handling Procedures .............................................................................................................. 37
5.7.2 Computing Resources, Software, and/or Data Are Corrupted ......................................................................................... 375.7.3 Entity Private Key Compromise Procedures ..................................................................................................................... 37
5.7.4 Business Continuity Capabilities after a Disaster ............................................................................................................. 37
5.8 CA OR RA TERMINATION .....................................................................................................................................................................................................38
5.9 DATA SECURITY .................................................................................................................................................................................................................... 38
6. TECHNICAL SECURITY CONTROLS ......................................................................................................................................... 39
6.1 KEY PAIR GENERATION AND INSTALLATION .........................................................................................................................................................................39
6.1.1 Key Pair Generation ......................................................................................................................................................... 39
6.1.2 Private Key Delivery to Subscriber .................................................................................................................................... 39
6.1.3 Public Key Delivery to Certificate Issuer ........................................................................................................................... 39
6.1.4 CA Public Key Delivery to Relying Parties ......................................................................................................................... 40
6.1.5 Key Sizes ........................................................................................................................................................................... 40
6.1.6 Public Key Parameters Generation and Quality Checking ................................................................................................ 40
6.1.7 Key Usage Purposes (as per X.509 v3 Key Usage Field).................................................................................................... 40
6.2 PRIVATE KEY PROTECTION AND CRYPTOGRAPHIC MODULE ENGINEERING CONTROLS .....................................................................................................41
6.2.1 Cryptographic Module Standards and Controls ............................................................................................................... 41
6.2.2 Private Key (m out of n) Multi‐Person Control ................................................................................................................. 41
6.2.3 Private Key Escrow ........................................................................................................................................................... 41
6.2.4 Private Key Backup ........................................................................................................................................................... 41
6.2.5 Private Key Archival.......................................................................................................................................................... 42
6.2.6 Private Key Transfer Into or From a Cryptographic Module............................................................................................. 42
6.2.7 Private Key Storage on Cryptographic Module ................................................................................................................ 42
6.2.8 Method of Activating Private Key .................................................................................................................................... 42
6.2.9 Method of Deactivating Private Key ................................................................................................................................ 44
6.2.10 Method of Destroying Private Key ................................................................................................................................... 44
6.2.11 Cryptographic Module Rating .......................................................................................................................................... 44
6.3 OTHER ASPECTS OF KEY PAIR MANAGEMENT ..................................................................................................................................................................... 44
6.3.1 Public Key Archival ........................................................................................................................................................... 44
6.3.2 Certificate Operational Periods and Key Pair Usage Periods ........................................................................................... 45
6.4 ACTIVATION DATA.................................................................................................................................................................................................................46
6.4.1 Activation Data Generation and Installation ................................................................................................................... 46
6.4.2 Activation Data Protection ............................................................................................................................................... 46
6.4.3 Other Aspects of Activation Data ..................................................................................................................................... 47
6.5 COMPUTER SECURITY CONTROLS .........................................................................................................................................................................................47
6.5.1 Specific Computer Security Technical Requirements ........................................................................................................ 47
6.5.2 Computer Security Rating ................................................................................................................................................ 48
6.6 LIFE CYCLE TECHNICAL CONTROLS .......................................................................................................................................................................................48
6.6.1 System Development Controls ......................................................................................................................................... 48
6.6.2 Security Management Controls ........................................................................................................................................ 48
6.6.3 Life Cycle Security Controls............................................................................................................................................... 48
6.7 NETWORK SECURITY CONTROLS ...........................................................................................................................................................................................49
6.8 TIME‐STAMPING .................................................................................................................................................................................................................. 49
7. CERTIFICATE, CRL, AND OCSP PROFILES ................................................................................................................................ 49
7.1 CERTIFICATE PROFILE ............................................................................................................................................................................................................49
7.1.1 Version Number(s) ........................................................................................................................................................... 49
7.1.2 Certificate Extensions ....................................................................................................................................................... 50
7.1.3 Algorithm Object Identifiers ............................................................................................................................................. 51
7.1.4 Name Forms ..................................................................................................................................................................... 52
7.1.5 Name Constraints............................................................................................................................................................. 52
7.1.6 Certificate Policy Object Identifier .................................................................................................................................... 52
7.1.7 Usage of Policy Constraints Extension ............................................................................................................................. 52
7.1.8 Policy Qualifiers Syntax and Semantics ............................................................................................................................ 52
7.1.9 Processing Semantics for the Critical Certificate Policies Extension ................................................................................. 53
7.2 CRL PROFILE ........................................................................................................................................................................................................................ 53
7.2.1 Version Number(s) ........................................................................................................................................................... 537.2.2 CRL and CRL Entry Extensions .......................................................................................................................................... 53
7.3 OCSP PROFILE ..................................................................................................................................................................................................................... 53
7.3.1 Version Number(s) ........................................................................................................................................................... 54
7.3.2 OCSP Extensions ............................................................................................................................................................... 54
8. COMPLIANCE AUDIT AND OTHER ASSESSMENTS .................................................................................................................. 54
8.1 FREQUENCY AND CIRCUMSTANCES OF ASSESSMENT........................................................................................................................................................... 55
8.2 IDENTITY/QUALIFICATIONS OF ASSESSOR ............................................................................................................................................................................55
8.3 ASSESSOR'S RELATIONSHIP TO ASSESSED ENTITY ................................................................................................................................................................ 55
8.4 TOPICS COVERED BY ASSESSMENT .......................................................................................................................................................................................55
8.5 ACTIONS TAKEN AS A RESULT OF DEFICIENCY ......................................................................................................................................................................56
8.6 COMMUNICATIONS OF RESULTS ...........................................................................................................................................................................................56
9. OTHER BUSINESS AND LEGAL MATTERS ............................................................................................................................... 56
9.1 FEES ....................................................................................................................................................................................................................................... 56
9.1.1 Certificate Issuance or Renewal Fees ............................................................................................................................... 56
9.1.2 Certificate Access Fees ..................................................................................................................................................... 56
9.1.3 Revocation or Status Information Access Fees ................................................................................................................. 57
9.1.4 Fees for Other Services ..................................................................................................................................................... 57
9.1.5 Refund Policy .................................................................................................................................................................... 57
9.2 FINANCIAL RESPONSIBILITY ...................................................................................................................................................................................................57
9.2.1 Insurance Coverage .......................................................................................................................................................... 57
9.2.2 Other Assets ..................................................................................................................................................................... 57
9.2.3 Extended Warranty Coverage .......................................................................................................................................... 57
9.3 CONFIDENTIALITY OF BUSINESS INFORMATION ................................................................................................................................................................... 57
9.3.1 Scope of Confidential Information ................................................................................................................................... 57
9.3.2 Information Not Within the Scope of Confidential Information ....................................................................................... 58
9.3.3 Responsibility to Protect Confidential Information .......................................................................................................... 58
9.4 PRIVACY OF PERSONAL INFORMATION .................................................................................................................................................................................58
9.4.1 Privacy Plan ...................................................................................................................................................................... 58
9.4.2 Information Treated as Private ........................................................................................................................................ 58
9.4.3 Information Not Deemed Private ..................................................................................................................................... 58
9.4.4 Responsibility to Protect Private Information .................................................................................................................. 58
9.4.5 Notice and Consent to Use Private Information ............................................................................................................... 58
9.4.6 Disclosure Pursuant to Judicial or Administrative Process ............................................................................................... 59
9.4.7 Other Information Disclosure Circumstances ................................................................................................................... 59
9.5 INTELLECTUAL PROPERTY RIGHTS .........................................................................................................................................................................................59
9.5.1 Property Rights in Certificates and Revocation Information ............................................................................................ 59
9.5.2 Property Rights in the CP.................................................................................................................................................. 59
9.5.3 Property Rights in Names ................................................................................................................................................. 59
9.5.4 Property Rights in Keys and Key Material ........................................................................................................................ 59
9.6 REPRESENTATIONS AND WARRANTIES .................................................................................................................................................................................60
9.6.1 CA Representations and Warranties ................................................................................................................................ 60
9.6.2 RA Representations and Warranties ................................................................................................................................ 60
9.6.3 Subscriber Representations and Warranties .................................................................................................................... 60
9.6.4 Relying Party Representations and Warranties ............................................................................................................... 61
9.6.5 Representations and Warranties of Other Participants ................................................................................................... 61
9.7 DISCLAIMERS OF WARRANTIES .............................................................................................................................................................................................61
9.8 LIMITATIONS OF LIABILITY .....................................................................................................................................................................................................61
9.9 INDEMNITIES......................................................................................................................................................................................................................... 62
9.9.1 Indemnification by Subscribers ........................................................................................................................................ 62
9.9.2 Indemnification by Relying Parties ................................................................................................................................... 62
9.9.3 Indemnification of Application Software Suppliers .......................................................................................................... 62
9.10 TERM AND TERMINATION .....................................................................................................................................................................................................63
9.10.1 Term ................................................................................................................................................................................. 63
9.10.2 Termination ...................................................................................................................................................................... 639.10.3 Effect of Termination and Survival ................................................................................................................................... 63
9.11 INDIVIDUAL NOTICES AND COMMUNICATIONS WITH PARTICIPANTS..................................................................................................................................63
9.12 AMENDMENTS ...................................................................................................................................................................................................................... 63
9.12.1 Procedure for Amendment ............................................................................................................................................... 63
9.12.2 Notification Mechanism and Period ................................................................................................................................. 63
9.12.3 Circumstances under Which OID Must be Changed ......................................................................................................... 64
9.13 DISPUTE RESOLUTION PROVISIONS ......................................................................................................................................................................................64
9.13.1 Disputes among DigiCert, Affiliates, and Customers........................................................................................................ 64
9.13.2 Disputes with End‐User Subscribers or Relying Parties .................................................................................................... 65
9.14 GOVERNING LAW ................................................................................................................................................................................................................. 65
9.15 COMPLIANCE WITH APPLICABLE LAW ..................................................................................................................................................................................65
9.16 MISCELLANEOUS PROVISIONS ..............................................................................................................................................................................................65
9.16.1 Entire Agreement ............................................................................................................................................................. 65
9.16.2 Assignment....................................................................................................................................................................... 65
9.16.3 Severability ....................................................................................................................................................................... 65
9.16.4 Enforcement (Attorney's Fees and Waiver of Rights)....................................................................................................... 66
9.16.5 Force Majeure .................................................................................................................................................................. 66
9.17 OTHER PROVISIONS...............................................................................................................................................................................................................66
APPENDIX A. TABLE OF ACRONYMS AND DEFINITIONS................................................................................................................. 67
TABLE OF ACRONYMS ......................................................................................................................................................................................................................... 67
DEFINITIONS ......................................................................................................................................................................................................................................... 68You can also read
